Switch – Why can’t devices on different VLANs, but on the same subnet, communicate?

Tags: subnet, switch, vlan

I have a question about switching. I have two devices connected to a switch with IP addresses 192.168.5.20 and 192.168.5.10. Both devices have the same prefix, /24. That means they are on the same subnet.

If I split these devices onto different VLANs (10 and 20) on the switch, they will not communicate although they are on the same subnet. Why does that happen?

Best Answer

One of the things VLANs do is take a physical switch and break it up into multiple smaller "virtual" switches.

Meaning this Physical depiction of One switch and Two VLANs:

[Image: physical depiction of one switch and two VLANs]

Is identical in operation to this Logical depiction of the same topology:

[Image: logical depiction of the same topology]

Even if the IP addresses in the 2nd image were in the same Subnet, you'll notice there is no "link" between the two virtual switches (i.e., VLANs), and therefore no possible way Hosts A/B can communicate with Hosts C/D.

In order for the hosts in the 2nd image to communicate with one another, you would need some sort of device to facilitate the communication from one "switch" to the other. The device that exists for that purpose is a Router -- hence, a Router is required for traffic to cross a VLAN boundary:

[Image: a router connecting the two VLANs]

And due to how routers work, each router interface must have its own, unique IP subnet. That is why every VLAN traditionally requires its own unique IP subnet -- because if any communication is to happen between those VLANs, unique subnets will be required.


The images above are from my blog; you can read more about VLANs as a concept here, and about Routing between VLANs here.
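
Added example, not part of the original answer: a toy Python model of an access-port switch that keeps one MAC table and one flood domain per VLAN, applied to the two hosts from the question. Because both hosts are in the same /24, the sender ARPs for the peer directly, and that broadcast is never flooded out of its own VLAN. The MAC addresses, port numbers, and all class and function names are assumptions made for the illustration.

```python
import ipaddress

BROADCAST = "ff:ff:ff:ff:ff:ff"

class VlanSwitch:
    """Toy access-port switch: one MAC table and one flood domain per VLAN."""

    def __init__(self, port_vlan):
        self.port_vlan = port_vlan   # port number -> access VLAN id
        self.mac_table = {}          # (vlan, mac) -> port

    def receive(self, in_port, src_mac, dst_mac):
        """Return the ports a frame arriving on in_port is forwarded out of."""
        vlan = self.port_vlan[in_port]
        self.mac_table[(vlan, src_mac)] = in_port   # learning is per VLAN
        known = self.mac_table.get((vlan, dst_mac))
        if dst_mac != BROADCAST and known is not None:
            return [known] if known != in_port else []
        # Broadcast or unknown unicast: flood only inside the ingress VLAN.
        return [p for p, v in self.port_vlan.items()
                if v == vlan and p != in_port]

# Hosts from the question; MACs and ports are constructed sample values.
HOSTS = {
    "A": {"ip": "192.168.5.20/24", "mac": "02:00:00:00:00:0a", "port": 1},
    "B": {"ip": "192.168.5.10/24", "mac": "02:00:00:00:00:0b", "port": 2},
}

def arp_reaches(switch, src, dst):
    """True if src's ARP request for dst is delivered to dst's port."""
    s, d = HOSTS[src], HOSTS[dst]
    local_net = ipaddress.ip_interface(s["ip"]).network
    if ipaddress.ip_interface(d["ip"]).ip not in local_net:
        return False   # src would ARP for a gateway instead; not modelled
    return d["port"] in switch.receive(s["port"], s["mac"], BROADCAST)

def demo():
    split = VlanSwitch({1: 10, 2: 20})    # hosts in VLANs 10 and 20
    shared = VlanSwitch({1: 10, 2: 10})   # both hosts in VLAN 10
    return arp_reaches(split, "A", "B"), arp_reaches(shared, "A", "B")

if __name__ == "__main__":
    print(demo())
```

With the ports split across VLANs the ARP request has nowhere to go, so host A never learns host B's MAC address and no IP traffic follows.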
